CVE-2021-38121

HIGH

NetIQ Advance Auth <6.3.5.1 - Info Disclosure

Title source: llm

Description

Insufficient or weak TLS protocol version identified in Advance authentication client server communication when specific service is accessed between devices. This issue affects NetIQ Advance Authentication versions before 6.3.5.1

References (1)

[Release Notes, Vendor Advisory] https://www.netiq.com/documentation/advanced-authentication-63/advanced-authentication-releasenotes-6351/data/advanced-authentication-releasenotes-6351.html

Scores

CVSS v3 8.3

EPSS 0.0004

EPSS Percentile 12.4%

Attack Vector ADJACENT_NETWORK

CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:L

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

CWE

CWE-326

Status published

Products (2)

microfocus/netiq_advanced_authentication 6.3 (7 CPE variants)

microfocus/netiq_advanced_authentication < 6.3

Published Aug 28, 2024

Tracked Since Feb 18, 2026